
United States Patent and Trademark Office 



UNITED STATES DEPARTMENT OF COMMERCE 
United States Patent and Trademark Office 
Address: COMMISSIONER FOR PATENTS 
P.O. Box 1450 

Alexandria, Virginia 22313-1450 
www.usptO.gov 



APPLICATION NO. 



FILING DATE 



FIRST NAMED INVENTOR 



ATTORNEY DOCKET NO. 



CONFIRMATION NO. 



09/934,477 



08/23/2001 



Sung-Kyun Park 



34610 7590 03/09/2006 

FLESHNER & KIM, LLP 
P.O. BOX 221200 
CHANTILLY, VA 20153 



P-218 



8429 



EXAMINER 



NALVEN, ANDREW L 



ART UNIT 



PAPER NUMBER 



2134 

DATE MAILED: 03/09/2006 



Please find below and/or attached an Office communication concerning this application or proceeding. 



PTO-90C (Rev. 10/03) 



s 



Office Action Summary 


Application No. 

09/934,477 


Applicant(s) 

PARK, SUNG-KYUN 


Examiner 
Andrew L Nalven 


Art Unit 

2134 * 





- The MAILING DATE of this communication appears on the cover sheet with the correspondence address •• 
Period for Reply 



A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

• If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

Responsive to communication(s) filed on 05 December 2005 . 
2a)D This action is FINAL. 2b)^ This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 11, 453 O.G. 213. 

Disposition of Claims 

4) [x] Claim(s) 1-24 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) 13 Claim(s) 1-2. 8-9. 11-18. 20. 24 is/are rejected. 

7) S Claim(s) 1.3-7.10.19 and 21-23 is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10) S The drawing(s) filed on 23 August 2001 is/are: a)G<3 accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 

11) D The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 

12) 13 Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f). 
a)l3 All b)D Some * c)H None of: 

1 .(3 Certified copies of the priority documents have been received. 

2. D Certified copies of the priority documents have been received in Application No. . 

3. D Copies of the certified copies of the priority documents have been received in this National Stage 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 



Attachment(s) 

1) ^ Notice of References Cited (PTO-892) 4) □ Interview Summary (PTO-413) 

2) □ Notice of Draftsperson's Patent Drawing Review (PTO-948) Paper No(s)/Mail Date. . 

3) □ Information Disclosure Statement(s) (PTO-1449 or PTO/SB/08) 5 ) □ Notice of Informal Patent Application (PTO-152) 

Paper No(s)/Mail Date . 6) □ Other: . 
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DETAILED ACTION 



1 . Claims 1 -23 are pending. 



Response to Arguments 



2. Applicant's arguments regarding the RFC 21 39 reference are moot in view of the 
new grounds of rejection. 

3. Applicant's arguments regarding the RFC 2138 reference and the Hluchyj 
reference filed 5 December 2005 have been fully considered but they are not 
persuasive. 

4. Applicant has argued on pages 14-15 that the Hluchyj reference fails to teach 
authenticating an access request message prior to performing user authentication of the 
access-request message such that abnormal access-request messages are not 
processed for user authentication. Examiner respectfully disagrees. Hluchyj teaches 
authenticating an access-request message prior to performing user authentication of the 
access-request message (Hluchyj, column 3 lines 49-57, authentication, column 6 lines 
1-19, error correction) by teaching error correction occurring at the modem before 
authentication occurs (Hluchyg, column 6 lines 1-36). After error correction the 
message is normal and thus no abnormal messages are processed for user 
authentication. 
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5. Applicant has argued on page 19 that Rigney's RFC 2138 fails to teach 
processing the access request message if the access-request message is successfully 
verified. Examiner respectfully disagrees. Rigney teaches processing the access 
request message if the access-request message is successfully verified (Rigney RFC 
2138, Page 6) by teaching the verifying of the message to determine if the request is 
from a user who shares a secret with the server. If this test is positive, then the 
message is fully processed by verification of the password and the determining of any 
requirements which also must be met to allow access by the user. 



Claim Objections 

6. Claim 1 is objected to because of the following informalities: claim 1 provides the 
limitation "having an authenticator field that is filled prescribed with a value." This 
appears grammatically incorrect. Examiner suggests a correction to read "having an 
authenticator that is filled with a prescribed value." Appropriate correction is required. 



Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
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only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

7. Claim 20 is rejected under 35 U.S.C. 102(e) as being anticipated by Hluchyj et al 
US Patent No. 6,282,193. 

8. With regards to claim 20, Hluchyj teaches authenticating an access-request 
message prior to performing user authentication of the access-request message 
(Hluchyj, column 3 lines 49-57, authentication, column 6 lines 1-19, error correction). 

Claim Rejections - 35 USC § 103 

9. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 1 02 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

10. Claims 1-2, 8-9, 11-14, 15-18, 24-27 are rejected under 35 U.S.C. 103(a) as 
being unpatentable over Rigney et al RFC 2138 in view of West et al US Patent No. 
6,538,996. 

11. With regards to claims 1 (as best understood), 12, 14, 17-18, 24-26, Rigney RFC 
2138 teaches writing a temporary randomly generated authenticator value in an 
attribute field of an access-request message (Rigney RFC 2138, Page 11, "Request 
Authenticator" value should be unpredictable and unique), encrypting a user password 
using the temporary authenticator value (Rigney RFC 2138, Page 12, shared secret 
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followed by Request Authenticator is hashed used to XOR password, 16 octet, Page 22 
Section 5.2), transmitting the final access request message to an Authentication, 
Authorization, and Accounting server (Rigney RFC 2138, Page 6, receives request), 
and verifying the access-request message by the AAA server (Rigney RFC 2138, Page 
6, validates sending client). Rigney RFC 2138 fails to teach the executing of an 
encryption algorithm to generate a message digest and the filling of fields of a request 
message. West teaches executing an encryption algorithm using the access request 
message having the temporary authenticator value and the user password to generate 
a message digest (West, column 28 lines 25-29, hash of random and password), the 
access request message having an authenticator field that is filled with a prescribed 
value, generating a final access-request message, the final-access request message 
being generated by using the access request message (West, column 28 lines 25-33, 
generates using password and random) and replacing the value of the authenticator 
field with the message digest (West, column 28 lines 25-33, authenticator field filled with 
random number, replaces value with hash value, random discarded). At the time the 
invention was made, it would have been obvious to a person of ordinary skill in the art to 
utilize West's method of creating message digests with Rigney's RFC 2138 because it 
offers the advantage of allowing a method of authenticating messages between a client 
and accounting server without sending a password in the clear (West, column 28 lines 
25-33). 
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12. With regards to claims 2, 16, Rigney as modified teaches the prescribed value is 
a value previously defined between a foreign agent and the AAA server (West, column 
28 lines 10-55, random number previously defined). 

13. With regards to claims 8, 13, 15 and 27, Rigney as modified teaches the 
randomly generated authenticator value being created differently every time a message 
is generated (Rigney RFC 2138, Page 11, "Request Authenticator" value should be 
unpredictable and unique). 

14. With regards to claim 9, Rigney teaches the writing of an authenticator value for 
authenticating an access-request message in an authenticator field of an access- 
request message and transmitting an access request message (Rigney RFC 2138, 
Page 1 1 , "Request Authenticator value should be unpredictable and unique), verifying 
the access-request message by using the authenticator value of the access-request 
message when the access-request message is received (Rigney RFC 2138, Page 6, 
validates sending client), decoding the access-request message if the access-request 
message is successfully verified (Rigney RFC 2138, Page 6, validates sending client) 

15. Claim 11 is rejected under 35 U.S.C. 103(a) as being unpatentable over Rigney 
et al RFC 2138 in view of West et al US Patent No. 6,538,996, as applied to claim 9 
above, and in further view of Morgan et al US Patent No. 6,088,799. 

16. With regards to claim 1 1 , Rigney as modified teaches an encrypted user 
password written in an attribute field of an access-request message (Rigney RFC 2138, 
Page 12), but fails to teach the decrypting of the user password and comparison with a 
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stored user password. Morgan teaches decrypting the user password (Morgan, column 
7 line 66 - column 8 line 16), comparing the decrypted user password and a user 
password stored in a database (Morgan, column 8 lines 4-7), determining that the user 
authentication is successful if the decrypted password and the stored user password 
are identical to each other and determining that the user authentication has failed if the 
decrypted user password and the stored user password are not identical to each other 
(Morgan, column 8 lines 7-16). At the time the invention was made, it would have been 
obvious to a person of ordinary skill in the art to utilize Morgan's password checking 
system with Rigney as modified because it offers the advantage of ensuring that only 
authenticated user's gain access to sensitive data such as encryption keys (Morgan, 
column 3 line 65 - column 4 line 7). 



Allowable Subject Matter 



17. Claims 3-7, 10, 19, 21-23 are objected to as being dependent upon a rejected 
base claim, but would be allowable if rewritten in independent form including all of the 
limitations of the base claim and any intervening claims. 

1 8. The following is a statement of reasons for the indication of allowable subject 
matter: 

19. With regards to claims 3-7, 10, 19, 21-23, the cited claims provide limitations 
requiring "temporarily storing the contents of the authenticator field of the access- 
request message; filling the authenticator field with the prescribed value; performing an 



Application/Control Number: 09/934,477 Page 8 

Art Unit: 2134 

encrypting algorithm to obtain a message digest; and verifying the access-request 
message by comparing the temporarily stored authenticator value to the message 
digest." The cited prior art fails to specifically teach or suggest the steps of temporarily 
storing the contents of the authenticator field, re-filling the authenticator field with the 
prescribed value, and obtaining a message digest as defined in the cited claim. Thus 
the cited prior art fails to anticipate or render obvious the above-cited claims. 

Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Andrew L. Nalven whose telephone number is 571 272 
3839. The examiner can normally be reached on Monday - Thursday 8-6, Alternate 
Fridays. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kim Vu can be reached on 571 272 3859. The fax phone number for the 
organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 
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drew Nah 



A . Kl , HOSUKSONG 
Andrew Nalven PRIMARY EXAMWER 



